100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
AIS Advanced Exam 1 Questions & Answers 2024/2025 $9.99   Add to cart

Exam (elaborations)

AIS Advanced Exam 1 Questions & Answers 2024/2025

 5 views  0 purchase
  • Course
  • AIS Advanced
  • Institution
  • AIS Advanced

AIS Advanced Exam 1 Questions & Answers 2024/2025 Biro's Tenets - AWTIRC - ANSWERS- Assume nothing - What is the root cause? - Trust but verify (Ronald Reagan) - Integrity - Respect for those you audit and their mission - Compliance does NOT equal security; compliance is not...

[Show more]

Preview 3 out of 20  pages

  • August 10, 2024
  • 20
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • AIS Advanced
  • AIS Advanced
avatar-seller
Bensuda
AIS Advanced Exam 1 Questions &
Answers 2024/2025

Biro's Tenets - AWTIRC - ANSWERS- Assume nothing



- What is the root cause?



- Trust but verify (Ronald Reagan)



- Integrity



- Respect for those you audit and their mission



- Compliance does NOT equal security; compliance is not permanent



Difference between a risk assessment and IT audit - ANSWERSRisk assessment allows an entity to
understand the extent to which potential events might impact objectives



IT audit is similar to RA but with teeth - demonstrates compliance with law, regulation or policy



Definition of Risk - ANSWERSA daily occurrence

* Risk = Probability (Likelihood) x Impact



Recent noteworthy Info Security Breaches (Jan 2023) - ANSWERS- Twitter: Database of over 200 million
users goes public

- Mail-chimp: Discloses social engineering attack

- Norton Life-lock: Warns customer of credential stuffing attack

- PayPal: Reports credential stuffing attack

,- CommuteAir: No Fly List leaks over unsecured server

- T-Mobile: Disclosed data breach affecting 37 million customers



COSO ERM - ANSWERS(Enterprise Resource Management) framework



A process, effected by an entity's board of directors, management and other personnel, applied in
strategy setting and across the enterprise, designed to identify potential events that may affect the
entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the
achievement of entity objectives



Response to Risk - ARSA - ANSWERS4 categories:

- Avoid

- Reduce

- Share

- Accept



Management considers these responses with the intent of achieving a residual risk level aligned with the
entity's tolerances



Risk Culture - ANSWERSSet of encouraged and acceptable behaviors, discussions, decisions, and
attitudes toward taking and managing risk within an institution



- Glue that binds all elements of risk management infrastructure together, bc it reflects the shared
values, goals, practices and reinforcement mechanisms that embed risk into organization's decision-
making processes and risk mgmt into its operating processes



- Surveyed to establish ERM

- after risk philosophy is determined

- before organizational integrity and ethical values are considered

- before roles and responsibilities are decided

, Risk Appetite - ANSWERSThe amount of risk - on a broad level - an entity is willing to accept in pursuit of
value

- Use quantitative/qualitative terms and consider risk tolerance



Internal Auditor - ANSWERSPlay an important role in monitoring ERM, but do NOT have primary
responsibility for its implementation or maintenance



Assist mgmt and the board/audit committee in the process by:

- Monitoring

- Examining

- Evaluating

- Reporting

- Recommending Improvements



Definition of Risk Assessment - ANSWERSThe identification and analysis of risks to the achievement of
business objectives —> it forms a basis for determining how risks should be managed



Assesses risk from 2 perspectives: Likelihood and Impact



Assesses risk on both an inherent and a residual basis



How internal auditors add value: - ANSWERS- Reviewing critical control systems and risk mgmt processes

- Performing an effectiveness review of mgmt's risk assessments and the internal controls

- Providing advice in the design & improvement of control systems and risk mitigation strategies

- Implementing a risk-based approach to planning & executing the internal audit process

- Ensuring that internal auditing's resources are directed at those areas most important to the
organization

- Challenging the bass of mgmt's risk assessments & evaluating the adequacy & effectiveness of risk
treatment strategies

- Facilitating ERM workshops

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Bensuda. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $9.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

79079 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$9.99
  • (0)
  Add to cart